A Google Project Zero researcher has found some critical vulnerabilities including a remote code execution in Broadcom’s Wi-Fi system-on-chip (SoC) which if exploited can allow attackers to compromise smartphone devices like iOS and Android devices.
In a blog post by the researcher, Gal Beniamini, he revealed that a hacker within the range of a shared WiFi network will potentially be able to execute arbitrary code on a targeted device. This ultimately resulted in a full device takeover just through WiFi alone and requires no user interaction, meaning that the victim doesn’t need to click a link or download a file for this hack to work.
“We’ve seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security,” writes Beniamini. “Specifically, it lacks all basic exploit mitigations—including stack cookies, safe unlinking and access permission protection (by means of [a memory protection unit.])”
Before you panic, we should note that Apple has since addressed the flaw with the release of iOS 10.3.1. Unfortunately for Android users, ArsTechnica writes, “As is all too often the case for Android users, there’s no easy way to get a fix immediately, if at all. That’s because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it.”
Thankfully this hack exists as a proof-of-concept right now as there has been no proof that it has been used in real life, but hopefully for the sake of Android users, Google and Android OEMs will release a patch to address this bug in the near future.